Articles about cybersecurity and data privacy written by me, Stephen Cobb, CISSP. (This site can also be reached as zcobb.com and scobb.net.) Follow me on Twitter @zcobb for more frequent security news. (All views expressed here are mine and not those of my employer.)

Monday, October 24, 2005

An "Activist Judge" Gets Security Right

I don't know if U.S. District Judge Royce Lamberth fits the current definition of "activist judge," but he recently acted in what I consider to be an admirable way by proactively preventing computer security problems. On October 20 he ordered the U.S. Interior Department "to disconnect from the Internet all computer equipment holding data related to trust accounts it manages for American Indians, a decision that could cripple large sections of the agency's computer network."

While this is only the latest in a long saga of actions and responses between Judge Lamberth and the Interior Department, it is a timely reminder of what life would be like if networks were not allowed to be connected to the Internet unless they could prove, to the satisfaction of independent experts, that they were secure. In the latest security review, investigators testified they would give the department's computer security an "F" grade or "one notch lower than an 'F' ... a 'G.'"

But that is not the most alarming fact in this story. The failing grade came after the department had spent $100 million on security improvements.

And for those who think government agencies are, by their nature, wasteful and incompetent, I am willing to bet there are Fortune 500 companies out there that would fail the same test.

About Me

25 years focusing on cybersecurity and data privacy. Trying to help people enjoy technology and its benefits by working to mitigate the impact of criminals and other ‘bad actors’ in cyberspace. Trying to close the cybersecurity skills gap by encouraging women and minorities to enter the profession. Certified Information System Security Professional (CISSP) since 1996. I am fortunate to be paid to do security research by ESET, one of the world's largest security software companies. (These blog posts are mine and the views expressed in them are mine - although my employer has some pretty cool views too.)
What else? Wrote a bunch of books, started several successful companies. Produced a commercially unsuccessful but award-winning documentary about civil rights. Also strive to create greater awareness of hemochromatosis, the most common genetic killer in the Western world (that nearly killed my partner). Oh, and I'm working on a Master's degree in Security and Risk Management in the Criminology Department of the University of Leicester, England.